Affine Pairings on ARM

@inproceedings{Acar2012AffinePO,
  title={Affine Pairings on ARM},
  author={Tolga Acar and Kristin E. Lauter and Michael Naehrig and Daniel Shumow},
  booktitle={Pairing},
  year={2012}
}
We report on relative performance numbers for affine and projective pairings on a dual-core Cortex A9 ARM processor. Using a fast inversion in the base field and doing inversion in extension fields by using the norm map to reduce to inversions in smaller fields, we find a very low ratio of inversion-to-multiplication costs. In our implementation, this favors using affine coordinates, even for the current 128-bit minimum security level specified by NIST. We use Barreto-Naehrig (BN) curves and… 

Tables from this paper

Efficient Implementation of Bilinear Pairings on ARM Processors
TLDR
This paper investigates the efficient computation of the Optimal-Ate pairing over Barreto-Naehrig curves in software at different security levels on ARM processors, exploiting state-of-the-art techniques and proposing new optimizations to speed up the computation in the tower field and curve arithmetic.
Efficient Pairings on Various Platforms
TLDR
This thesis gives an introduction to pairing-based cryptography and describes the Tate pairing, and extends the idea of lazy reduction to field inversion, optimize curve arithmetic, and construct efficient tower extensions to optimize field arithmetic.
Implementing Cryptographic Pairings on ARM dual-core Processors
TLDR
This paper explores the parallelization capabilities of the ARM processing system embedded in a Zynq device for a software implementation of the optimal Ate pairing by organizing operations of line evaluation and point arithmetic formulas to have little data dependency and scheduling independent operations to be perfomed simultaneously in separate cores of an ARM dual-core Cortex-A9 processor.
Implementing Cryptographic Pairings on ARM dual-core Processors
TLDR
This paper explores the parallelization capabilities of the ARM processing system embedded in a Zynq device for a software implementation of the optimal Ate pairing by organizing operations of line evaluation and point arithmetic formulas to have little data dependency and scheduling independent operations to be perfomed simultaneously in separate cores of an ARM dual-core Cortex-A9 processor.
Fast Software Implementations of Bilinear Pairings
TLDR
This paper investigates the efficient computation of the Optimal-Ate pairing over special class of pairing friendly Barreto-Naehrig curves in software at different security levels and significantly improves the state-of-the-art of pairing computation on ARM-powered devices and x86-64 PC platforms.
Fast Quadrupling of a Point in Elliptic Curve Cryptography
  • Duc-Phong Le
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2011
TLDR
This paper extends their method and presents a fast algorithm for computing 4P with only one inversion in affine coordinates, faster than two repeated doublings whenever the cost of one field inversion is more expensive than thecost of four field multiplications plus three field squarings.
Improved Precomputation Scheme for Scalar Multiplication on Elliptic Curves
TLDR
A new scheme to precompute all odd multiples on standard elliptic curves in affine coordinates and shows that the scheme requiring only 2(k −1) registers, offers the best performance in the case of k ≥8 if the I/M-ratio is around 10.
Choosing and generating parameters for pairing implementation on BN curves
TLDR
The main purpose of this paper is to describe explicitly and exhaustively what should be done to generate the best possible parameters and to make the best choices depending on the implementation context.
Hardware processors for pairing-based cryptography
  • R. Ronan
  • Computer Science, Mathematics
  • 2016
Bilinear pairings can be used to construct cryptographic systems with very desirable properties. A pairing performs a mapping on members of groups on elliptic and genus 2 hyperelliptic curves to an
The Realm of the Pairings
TLDR
This paper reviews the evolution of pairing-based cryptosystems, the development of efficient algorithms and the state of the art in pairing computation, and the challenges yet to be addressed on the subject, while also presenting some new algorithmic and implementation refinements in affine and projective coordinates.
...
1
2
3
...

References

SHOWING 1-10 OF 35 REFERENCES
An Analysis of Affine Coordinates for Pairing Computation
TLDR
In this paper, it is observed that in many practical settings, e.
Faster Explicit Formulas for Computing Pairings over Ordinary Curves
TLDR
Efficient formulas for computing pairings on ordinary elliptic curves over prime fields are described, improving on the state-of-the-art performance of cryptographic pairings by 28%-34% on several popular 64-bit computing platforms.
New Software Speed Records for Cryptographic Pairings
TLDR
An implementation which computes the optimal ate pairing on a 257- bit Barreto-Naehrig curve in only 4,470,408 cycles on one core of an Intel Core 2 Quad Q6600 processor is presented.
High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves
TLDR
The design of a fast software library for the computation of the optimal ate pairing on a Barreto-Naehrig elliptic curve is described, able to compute the optimal eating pairing over a 254-bit prime field Fp, in just 2.33 million of clock cycles.
Trading Inversions for Multiplications in Elliptic Curve Cryptography
TLDR
A variant which is faster whenever a field inversion is more expensive than six field multiplications is proposed, an improvement when tripling a point, and a ternary/binary method to perform efficient scalar multiplication are presented.
On the Final Exponentiation for Calculating Pairings on Ordinary Elliptic Curves
TLDR
This work exploits the structure of pairing-friendly elliptic curves to reduce to a minimum the computation required for the final exponentiation of the Tate pairing.
A family of implementation-friendly BN elliptic curves
Efficient and Generalized Pairing Computation on Abelian Varieties
TLDR
Using the R-ate pairing, the loop length in Miller's algorithm can be as small as log (r1/phi(k)) some pairing-friendly elliptic curves which have not reached this lower bound.
The Eta Pairing Revisited
TLDR
By swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speed-up of a factor of around six over the usual Tate pairing, in the case of curves that have large security parameters, complex multiplication by an order of Qopf (radic-3), and when the trace of Frobenius is chosen to be suitably small.
Faster Pairing Computations on Curves with High-Degree Twists
TLDR
Efficient formulas for curves with twists of degree 2, 3, 4 or 6 are presented and it is shown how these faster formulas can be applied to Tate and ate pairing variants, thereby speeding up all practical suggestions for efields of large characteristic.
...
1
2
3
4
...